search

apache / incubator-pagespeed-ngx

Automatic PageSpeed optimization module for Nginx
http://ngxpagespeed.com/
Apache License 2.0
4.37k stars 365 forks source link

Issue with HTTPS only page and noscript support and beacon are injected as http. #1755

Open bigretromike opened 2 years ago

bigretromike commented 2 years ago

My server serve pages via https (http/2) and redirect every http traffic to https. I had few issues but somehow resolve most of them: 1) the <noscript><meta http-equiv=refresh content="0;url='**http**://redacted/?PageSpeed=noscript'"/>... that pagespeed included was HTTP instead of HTTPS, that was resolve via disabling adding code and add it manually. pagespeed SupportNoScriptEnabled false; 2) the issue that I have now (I don't know if that's gonna be big issue or not) is that the beacon is added with http instead of http**s**. I tried rewriting beacon url but that append to value before /ngx_pagespeed_beacon and not the http://redacted part.

pagespeed.CriticalImages.Run('/ngx_pagespeed_beacon','http://redacted/','gLvPo-P25G',false,true,'zFnuPmTKJDs');

The beacon is hosted correctly and POST is send to correct endpoint but the url that is passed to it is with bad protocol (http instead of https) https://redacted/ngx_pagespeed_beacon?url=http://redacted/

I have:

pagespeed Domain https://redacted;
# pagespeed MapOriginDomain "https://redacted" "http://redacted";  # this one doesn't affect beacon so this one is turn off
pagespeed MapRewriteDomain "https://redacted" "http://redacted"
pagespeed LoadFromFile "https://redacted/wp-content/" "/var/www/wp-content/";
pagespeed LoadFromFile "http://redacted/wp-content/" "/var/www/wp-content/";

sadly if I dont add LoadFromFile for http address my site break as it get error in console: # [Warning] [1502319] [image.webp:0] Resource based on http://redacted/wp-content/uploads/2022/07/image.webp but cannot access the original Also I see a lot http logs on pagespeed_admin console tab and im unsure if its hardcoded or HTTPS is not fully supported.

nginx 1.23 pagespeed 1.14.36.1-0

Lofesa commented 2 years ago 
pagespeed Domain https://redacted;
# pagespeed MapOriginDomain "https://redacted" "http://redacted";  # this one doesn't affect beacon so this one is turn off
pagespeed MapRewriteDomain "https://redacted" "http://redacted"
pagespeed LoadFromFile "https://redacted/wp-content/" "/var/www/wp-content/";
pagespeed LoadFromFile "http://redacted/wp-content/" "/var/www/wp-content/";

Are these lines all the pagespeed config? Try to add some like:

pagespeed FetchHttps enable; pagespeed SslCertDirectory directory; (directory in Debian based normally is /etc/ssl/certs, Centos /etc/pki/tls/certs pagespeed SslCertFile file; (Only for Red-Hat/Centos distro /etc/pki/tls/cert.pem.)

bigretromike commented 2 years ago 
pagespeed Domain https://redacted;
# pagespeed MapOriginDomain "https://redacted" "http://redacted";  # this one doesn't affect beacon so this one is turn off
pagespeed MapRewriteDomain "https://redacted" "http://redacted"
pagespeed LoadFromFile "https://redacted/wp-content/" "/var/www/wp-content/";
pagespeed LoadFromFile "http://redacted/wp-content/" "/var/www/wp-content/";

Are these lines all the pagespeed config? Try to add some like:

pagespeed FetchHttps enable; pagespeed SslCertDirectory directory; (directory in Debian based normally is /etc/ssl/certs, Centos /etc/pki/tls/certs pagespeed SslCertFile file; (Only for Red-Hat/Centos distro /etc/pki/tls/cert.pem.)

Yes, they are.

I have this in nginx.conf

        pagespeed FetchHttps enable;
        pagespeed SslCertDirectory /etc/ssl/certs;
        pagespeed FetcherTimeoutMs 10000;
        pagespeed NativeFetcherMaxKeepaliveRequests 50;
        pagespeed UseNativeFetcher off;         # use better fetcher
        resolver 127.0.0.1;                     # dns for fetrcher
Lofesa commented 2 years ago

And you have a DNS server i 127.0.0.1? And I supose you are not using any proxy cache or load balancing, rigth?

bigretromike commented 2 years ago

And you have a DNS server i 127.0.0.1? And I supose you are not using any proxy cache or load balancing, rigth?

You are correct 127.0.0.1 is auth dns server for domain that is used and it also resolved all other querys. Only proxy I use are the one build in nginx and php - I dont use proxy or load balancers on that server.

Lofesa commented 2 years ago

Sorry for commig too late, but have personal issues that make me out of internet for some time.

The site runs in https, so why have you:

pagespeed MapRewriteDomain "https://redacted" "http://redacted"; pagespeed LoadFromFile "http://redacted/wp-content/" "/var/www/wp-content/";

MapRewriteDomain makes any ocurrence of http://redacted is rewrited as https://redacted, but if the site runs w/o any proxy, ssl end point or similar thing, why you have http resources in an https page?

The error you have posted say this:

# [Warning] [1502319] [image.webp:0] Resource based on http://redacted/wp-content/uploads/2022/07/image.webp but cannot access the original

So pagespeed is searching for a http resource.

bigretromike commented 2 years ago

Sorry for commig too late, but have personal issues that make me out of internet for some time.

The site runs in https, so why have you:

pagespeed MapRewriteDomain "https://redacted" "http://redacted"; pagespeed LoadFromFile "http://redacted/wp-content/" "/var/www/wp-content/";

MapRewriteDomain makes any ocurrence of http://redacted is rewrited as https://redacted, but if the site runs w/o any proxy, ssl end point or similar thing, why you have http resources in an https page?

The error you have posted say this:

# [Warning] [1502319] [image.webp:0] Resource based on http://redacted/wp-content/uploads/2022/07/image.webp but cannot access the original

So pagespeed is searching for a http resource.

Thanks for replay, better than newer.

  1. pagespeed MapRewriteDomain "https://redacted/" "http://redacted/"; I added it was suggested on other forums to maybe "force" any http request to https - with or without there is no changes looks like I leave those uncommented.
  2. pagespeed LoadFromFile "http://redacted/wp-content/" "/var/www/wp-content/"; even if the page serve content thru https, the fallback to http made it tricky as it is same server for http/https content but I would prefer all traffic go thry https so I mapped http url location to local path, also another thing that I tested with and without, and this one cut a lot of errors. still did not resolve issue with https page getting called back by pagespeed thru http.
  3. Yes, page does run without proxy, the page runs fine on http also but it is servered via https without any content pointing to http (aka no mixed content)
  4. both https and http for redacted/wp-content/uploads/2022/07/image.webp is available.
Lofesa commented 2 years ago

The problem seems that pagespeed don't see the https version .

Generally spoken having 2 version (http and https) of the same site is a bad idea. Search engines (google ammong others) may consider these pages are duplicate conted. The rigth way is having a 301 redirect from http to https version. Some like:

server { listen 80; server_name your-server-name.com return 301 https://$host$request_uri; } server { listen 443; server_name your-server-name.com; pagespeed on; here pagespeed directives . }

bigretromike commented 2 years ago

Yes, I do have 301 redirection from http version to https. I also have www to non-www version 301 redirect.

 if ($host = www.redacted) {
                return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = redacted) {
                return 301 https://$host$request_uri;
        } # managed by Certbot

also if https:// starts with www, its get redirected to https://non-www version:

 if ($host = www.redacted) {
                return 301 https://$host$request_uri;
        } # managed by Certbot

Still the issue is present. Imo with or without http version pagespeed should try to optimize the protocol that it was given. not the one he detects (or not) because any non-https traffic is 301 onto https thats why its a secret to my why he does anything on http.

bigretromike commented 2 years ago

I comment out every MapRewriteDomain and LoadFromFile. I disabled: 

pagespeed EnableFilters rewrite_domains;
pagespeed DomainRewriteHyperlinks on;
pagespeed LoadFromFileCacheTtlMs 3600000;  # 1h = 3600 000
pagespeed LoadFromFileRuleMatch disallow .*;
        pagespeed LoadFromFileRuleMatch allow \.css$;
        pagespeed LoadFromFileRuleMatch allow \.webp$;
        pagespeed LoadFromFileRuleMatch allow \.png$;
        pagespeed LoadFromFileRuleMatch allow \.jpg$;
        pagespeed LoadFromFileRuleMatch allow \.js$;

reloaded, yet still pagespeed try to parse http content even when every http request is redirected to https, I have no idea why.. maybe its bug in printing log ? [http://redacted/produkt/j0inya006m/:103] Unrecognized script:'<script type="text/template" id="tmpl-variation-template"></script> 103...107' when you paste http://redacted/produkt/j0inya006m/ to browser you get 301 to https://redacted/produkt/j0inya006m/

Lofesa commented 2 years ago

[http://redacted/produkt/j0inya006m/:103] Unrecognized script:'<script type="text/template" id="tmpl-variation-template" 103...107' This has nothing to do qith the issue, Pagespeed only recognizes javascript, so anything in script tags no javascript is unrecognized

Can you try adding ?PageSpeedFilters=+debug to the request?

https://redacted/someàge/?PageSpeedFilters=+debug (NOTE: PageSpeedFilters is case sensitive, must be as you see here) Make some hits qith this parameter and then take a look at the hatml code. Debug messages appears as htmk comments.

bigretromike commented 1 year ago

Welcome, once again im struggling with this issue, I didn't resolve it but now its even more anoying as I changed server, upgraded nginx, installed the latest and greatest pagespeed module, but still the issue is there. Different machine, different OS, different software version same issue.

I will be trying to resolve the issue this time and I will be posting updates with results here.

pagespeed FetchHttps enable; pagespeed SslCertDirectory directory; (directory in Debian based normally is /etc/ssl/certs, Centos /etc/pki/tls/certs pagespeed SslCertFile file; (Only for Red-Hat/Centos distro /etc/pki/tls/cert.pem.)

As I changed OS (to RHEL compatible) i added sslcert file, without any difference.

I tried adding pagespeed FetchHttps enable,allow_unkonow_certificate_authority,allow_self_signed,allow_certificate_not_yet_valide; without difference

If I add pagespeed MapRewriteDomain "https://mydomain.com" "http://mydomain.com" I get fewer errors in logs about not being able to fetch like this: [ngx_pagespeed 1.15.0.0-8917] [1202/103400:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/js/frontend-script.js,qver==2.0.2+webfont.js,qver==6.1.1.pagespeed.jc.-DJsi-JAKD.js Which is correct because I even disabled HTTP version of the page so I wont have issues because of that. But it shouldnt show up because mydomain.com is 100% https, not a single line of code/dynamic_code/static_code link to http content on the page. If I disable MapRewriteDomain, most of the images doesn't load as it tries to fetch them via http, yet the image is replaces with proper pagespeed link (that include .pagespeed. in name) but it does 404 - maybe im missing ngxin location route? The only one pointing to similar content is one located as the first location in mydomain.config file in nginx: location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; set $no_cache 1; }

Edit: Disabling pagespeed MapRewriteDomain "https://mydomain.com" "http://mydomain.com" and enabling pagespeed LoadFromFile "http://mydomain.com/wp-content/" "/var/www/web/wp-content/"; results is same behavior, which is ok because both are use to acomplished same thing, yet still pagespeed is trying to fetch data by http.

bigretromike commented 1 year ago

Configuration from Admin Page

Version: 14: on

Filters
ah  Add Head
cw  Collapse Whitespace
cc  Combine Css
ch  Combine Heads
jc  Combine Javascript
gp  Convert Gif to Png
jp  Convert Jpeg to Progressive
jw  Convert Jpeg To Webp
mc  Convert Meta Tags
pj  Convert Png to Jpeg
ws  When converting images to WebP, prefer lossless conversions
dd  Dedup Inlined Images
di  Delay Images
ea  Elide Attributes
ec  Cache Extend Css
ei  Cache Extend Images
es  Cache Extend Scripts
fc  Fallback Rewrite Css 
if  Flatten CSS Imports
hw  Flushes html
ci  Inline Css
gf  Inline Google Font CSS
ii  Inline Images
il  Inline @import to Link
ji  Inline Javascript
id  Insert Image Dimensions
js  Jpeg Subsampling
ll  Lazyload Images
tu  Left Trim Urls
cj  Move Css Above Scripts
cm  Move Css To Head
co  Outline Css
pc  Add pedantic types
pr  Prioritize Critical Css
rj  Recompress Jpeg
rp  Recompress Png
rw  Recompress Webp
rq  Remove Quotes
ri  Resize Images
rm  Resize Mobile Images
ir  Resize to Rendered Image Dimensions
rx  Responsive Images
cf  Rewrite Css
jm  Rewrite External Javascript
jj  Rewrite Inline Javascript
cs  Rewrite Style Attributes
cu  Rewrite Style Attributes With Url
cp  Strip Image Color Profiles
md  Strip Image Meta Data

Options
  AdminPath (nap)                              /pagespeed_admin
  AvoidRenamingIntrospectiveJavascript (aris)  True
  BeaconUrl (bu)                               /ngx_pagespeed_beacon
  CacheFragment (ckp)                          ohayo-cache
  CombineAcrossPaths (cp)                      False
  CriticalImagesBeaconEnabled (cibe)           True
  DisableRewriteOnNoTransform (drnt)           False
  EnableCachePurge (euci)                      True
  EnableRewriting (e)                          1
  FetcherTimeOutMs (bfto)                      10000
  FetchHttps (fhs)                             enable,allow_unknown_certificate_authority,allow_self_signed,allow_certificate_not_yet_valid
  FileCacheCleanIntervalMs (afcci)             3600000
  FileCacheInodeLimit (afcl)                   500000
  FileCachePath (afcp)                         /run/nginx-pagespeed/
  FileCacheSizeKb (afc)                        102400
  HttpCacheCompressionLevel (hccl)             9
  ImageMaxRewritesAtOnce (im)                  3
  InPlaceResourceOptimization (ipro)           False
  LazyloadImagesAfterOnload (llio)             True
  LazyloadImagesBlankUrl (llbu)                https://www.gstatic.com/psa/static/1.gif
  LogDir (ald)                                 /var/log/pagespeed
  LRUCacheByteLimit (alcb)                     16384
  LRUCacheKbPerProcess (alcp)                  10240
  MaxCacheableContentLength (rcl)              16777216
  MaxCombinedCssBytes (xcc)                    92160
  MaxCombinedJsBytes (xcj)                     192160
  MaxSegmentLength (uss)                       250
  MemcachedServers (ams)                       127.0.0.1:11211
  MemcachedThreads (amt)                       1
  MemcachedTimeoutUs (amo)                     1000000
  RewriteLevel (l)                             Core Filters
  SslCertDirectory (assld)                     /etc/pki/tls/certs
  SslCertFile (asslf)                          /etc/pki/tls/cert.pem
  Statistics (ase)                             True
  StatisticsLogging (asle)                     True
  StatisticsLoggingIntervalMs (asli)           60000
  StatisticsLoggingMaxFileSizeKb (aslfs)       1024
  StatisticsPath (nsp)                         /nxg_stat
  SupportNoScriptEnabled (snse)                False
  UseExperimentalJsMinifier (uejsm)            True

Domain Lawyer
  https://mydomain.com/ Auth

Invalidation Timestamp: Fri, 02 Dec 2022 09:27:24 GMT (1669973244968)

page with debug parameter:

<!--
mod_pagespeed on
Filters:
ah  Add Head
cw  Collapse Whitespace
cc  Combine Css
ch  Combine Heads
jc  Combine Javascript
gp  Convert Gif to Png
jp  Convert Jpeg to Progressive
jw  Convert Jpeg To Webp
mc  Convert Meta Tags
pj  Convert Png to Jpeg
ws  When converting images to WebP, prefer lossless conversions
db  Debug
dd  Dedup Inlined Images
di  Delay Images
ea  Elide Attributes
ec  Cache Extend Css
ei  Cache Extend Images
es  Cache Extend Scripts
fc  Fallback Rewrite Css 
if  Flatten CSS Imports
hw  Flushes html
ci  Inline Css
gf  Inline Google Font CSS
ii  Inline Images
il  Inline @import to Link
ji  Inline Javascript
id  Insert Image Dimensions
js  Jpeg Subsampling
ll  Lazyload Images
tu  Left Trim Urls
cj  Move Css Above Scripts
cm  Move Css To Head
co  Outline Css
pc  Add pedantic types
pr  Prioritize Critical Css
rj  Recompress Jpeg
rp  Recompress Png
rw  Recompress Webp
rq  Remove Quotes
ri  Resize Images
rm  Resize Mobile Images
ir  Resize to Rendered Image Dimensions
rx  Responsive Images
cf  Rewrite Css
jm  Rewrite External Javascript
jj  Rewrite Inline Javascript
cs  Rewrite Style Attributes
cu  Rewrite Style Attributes With Url
cp  Strip Image Color Profiles
md  Strip Image Meta Data

Options:
AvoidRenamingIntrospectiveJavascript (aris) True
CombineAcrossPaths (cp) False
CriticalImagesBeaconEnabled (cibe) True
DisableRewriteOnNoTransform (drnt) False
EnableCachePurge (euci) True
EnableRewriting (e) 1
FetcherTimeOutMs (bfto) 10000
FileCacheCleanIntervalMs (afcci) 3600000
FileCacheInodeLimit (afcl) 500000
FileCacheSizeKb (afc) 102400
HttpCacheCompressionLevel (hccl) 9
ImageMaxRewritesAtOnce (im) 3
InPlaceResourceOptimization (ipro) False
LazyloadImagesAfterOnload (llio) True
LazyloadImagesBlankUrl (llbu) https://www.gstatic.com/psa/static/1.gif
LRUCacheByteLimit (alcb) 16384
LRUCacheKbPerProcess (alcp) 10240
MaxCacheableContentLength (rcl) 16777216
MaxCombinedCssBytes (xcc) 92160
MaxCombinedJsBytes (xcj) 192160
MaxSegmentLength (uss) 250
MemcachedThreads (amt) 1
MemcachedTimeoutUs (amo) 1000000
RewriteLevel (l) Core Filters
Statistics (ase) True
StatisticsLogging (asle) True
StatisticsLoggingIntervalMs (asli) 60000
SupportNoScriptEnabled (snse) False
UseExperimentalJsMinifier (uejsm) True

#NumFlushes            0
#EndDocument after     12874us
#Total Parse duration  2699us
#Total Render duration 61599us
#Total Idle duration   10175us
No critical images detected.
The following filters were disabled for this request:
    CriticalSelectorFilter: No critical selector info in cache
    DelayImages
    Lazyload Images
-->

And nginx log contains those:

2022/12/02 11:29:56 [warn] 210834#210876: [ngx_pagespeed 1.15.0.0-8917] [1202/112956:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-includes/css/dist/block-library/A.style.min.css,qver=6.1.1.pagespeed.cf.s5bSa4kM1r.css
2022/12/02 11:29:56 [warn] 210834#210876: [ngx_pagespeed 1.15.0.0-8917] [1202/112956:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-includes/js/jquery/jquery-migrate.min.js,qver=3.3.2.pagespeed.jm.Ws-UgblvVg.js
2022/12/02 11:29:56 [warn] 210834#210877: [ngx_pagespeed 1.15.0.0-8917] [1202/112956:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-includes/js/underscore.min.js,qver=1.13.4.pagespeed.jm.-wWaxZbynX.js
bigretromike commented 1 year ago

After commenting out LoadFromFile random number of images won't show up and page 

<!--
mod_pagespeed on
Filters:
ah  Add Head
cw  Collapse Whitespace
cc  Combine Css
ch  Combine Heads
jc  Combine Javascript
gp  Convert Gif to Png
jp  Convert Jpeg to Progressive
jw  Convert Jpeg To Webp
mc  Convert Meta Tags
pj  Convert Png to Jpeg
ws  When converting images to WebP, prefer lossless conversions
db  Debug
dd  Dedup Inlined Images
di  Delay Images
ea  Elide Attributes
ec  Cache Extend Css
ei  Cache Extend Images
es  Cache Extend Scripts
fc  Fallback Rewrite Css 
if  Flatten CSS Imports
hw  Flushes html
ci  Inline Css
gf  Inline Google Font CSS
ii  Inline Images
il  Inline @import to Link
ji  Inline Javascript
id  Insert Image Dimensions
js  Jpeg Subsampling
ll  Lazyload Images
tu  Left Trim Urls
cj  Move Css Above Scripts
cm  Move Css To Head
co  Outline Css
pc  Add pedantic types
pr  Prioritize Critical Css
rj  Recompress Jpeg
rp  Recompress Png
rw  Recompress Webp
rq  Remove Quotes
ri  Resize Images
rm  Resize Mobile Images
ir  Resize to Rendered Image Dimensions
rx  Responsive Images
cf  Rewrite Css
jm  Rewrite External Javascript
jj  Rewrite Inline Javascript
cs  Rewrite Style Attributes
cu  Rewrite Style Attributes With Url
cp  Strip Image Color Profiles
md  Strip Image Meta Data

Options:
AvoidRenamingIntrospectiveJavascript (aris) True
CombineAcrossPaths (cp) False
CriticalImagesBeaconEnabled (cibe) True
DisableRewriteOnNoTransform (drnt) False
EnableCachePurge (euci) True
EnableRewriting (e) 1
FetcherTimeOutMs (bfto) 10000
FileCacheCleanIntervalMs (afcci) 3600000
FileCacheInodeLimit (afcl) 500000
FileCacheSizeKb (afc) 102400
HttpCacheCompressionLevel (hccl) 9
ImageMaxRewritesAtOnce (im) 3
InPlaceResourceOptimization (ipro) False
LazyloadImagesAfterOnload (llio) True
LazyloadImagesBlankUrl (llbu) https://www.gstatic.com/psa/static/1.gif
LRUCacheByteLimit (alcb) 16384
LRUCacheKbPerProcess (alcp) 10240
MaxCacheableContentLength (rcl) 16777216
MaxCombinedCssBytes (xcc) 92160
MaxCombinedJsBytes (xcj) 192160
MaxSegmentLength (uss) 250
MemcachedThreads (amt) 1
MemcachedTimeoutUs (amo) 1000000
RewriteLevel (l) Core Filters
Statistics (ase) True
StatisticsLogging (asle) True
StatisticsLoggingIntervalMs (asli) 60000
SupportNoScriptEnabled (snse) False
UseExperimentalJsMinifier (uejsm) True

#NumFlushes            0
#EndDocument after     14491us
#Total Parse duration  3370us
#Total Render duration 50307us
#Total Idle duration   11121us
Critical Images:
    data:image/svg+xml;base64,PHN223<redacted>==
    data:image/svg+xml;base64,PHN2Zy<redacted>==
    data:image/svg+xml;base64,PHN2Pg<redacted>==
    http://mydomain.com/wp-content/uploads/slider/cache/f3c95aed3bef34293901d9e8fe70a1/baner_new-1.webp
    https://mydomain.com/wp-content/uploads/2021/02/000-300x300.jpg
    https://mydomain.com/wp-content/uploads/2021/02/003-300x300.jpg
    https://mydomain.com/wp-content/uploads/2021/02/kny_001-300x300.jpg
    https://mydomain.com/wp-content/uploads/2021/02/kny_002-300x300.jpg
    https://mydomain.com/wp-content/uploads/2021/04/sk8_010-300x300.jpg
    https://mydomain.com/wp-content/uploads/2021/06/bf_001-300x300.jpg
The following filters were disabled for this request:
    CriticalSelectorFilter: No critical selector info in cache
-->

Notice the http in there ^, also the nginx log got those warrnings:

2022/12/02 11:25:13 [warn] 210590#210635: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/pay-by-paynow-pl/assets/css/A.front.css,qver=2.4.10.pagespeed.cf.gza2uH-eND.css
2022/12/02 11:25:13 [warn] 210590#210635: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/A.frontend-style.css,qver=2.0.2.pagespeed.cf.w63jaWGSEN.css
2022/12/02 11:25:13 [warn] 210590#210635: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/A.genericons.css,qver=6.1.1.pagespeed.cf.MrUO0k-k7u.css
2022/12/02 11:25:13 [warn] 210590#210635: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/font-awesome/A.font-awesome.min.css,qver=6.1.1.pagespeed.cf.nrOL480BpE.css
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/A.linear-icon-font.min.css,,qver==6.1.1+jquery.mCustomScrollbar.css,,qver==2.0.2,Mcc.0QxnMDf5Xg.css.pagespeed.cf.xNaISPEV5w.css
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/themes/shoptimizer/A.style.css,qver=2.6.2.pagespeed.cf.1B2M2Y8Asg.css
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/themes/shoptimizer-child-theme/A.style.css,qver=1.2.1.pagespeed.cf.1B2M2Y8Asg.css
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/themes/shoptimizer/assets/css/main/modal.min.css,qver==2.6.2+blocks.min.css,qver==2.6.2.pagespeed.cc.xqWx8SYpYG.css
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/newsletter/A.style.css,qver=7.5.6.pagespeed.cf.wVC97_uOK5.css
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/woocommerce-product-bundles/assets/css/frontend/A.checkout-blocks.css,qver=6.16.1.pagespeed.cf.W7pkChSUkO.css
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-includes/js/jquery/jquery-migrate.min.js,qver=3.3.2.pagespeed.jm.Ws-UgblvVg.js
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/js/frontend-script.js,qver==2.0.2+webfont.js,qver==6.1.1+json2validation.js,qver==6.1.1+jquery.mCustomScrollbar.js,qver==2.0.2.pagespeed.jc.nXwcx6MHRI.js
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/commercegurus-commercekit/assets/js/popper.min.js,qver==2.1.1+tippy-bundle.umd.min.js,qver==2.1.1.pagespeed.jc._X-YPIn7qA.js
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-includes/js/underscore.min.js,qver=1.13.4.pagespeed.jm.-wWaxZbynX.js
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js,qver=2.7.0-wc.7.1.0.pagespeed.jm.BkSKjHCA_f.js
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/xKaguya-sama_-_Love_is_War_Logo.svg_.png.pagespeed.ic.EHH1d5lnEj.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/ya-boy-kongming-2022-removebg-preview2.png.pagespeed.ce.Mpvkw33spF.png
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/02/xlogo-ohayo.png.pagespeed.ic.7QuIWVYmW3.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/02/xkny_002-300x300.jpg.pagespeed.ic.0qFk73ZsGK.webp
2022/12/02 11:25:13 [warn] 210590#210635: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/02/x003-300x300.jpg.pagespeed.ic.R1ZzOEIPP3.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/02/xkny_001-300x300.jpg.pagespeed.ic.P07IWhdmyv.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/xSite-logo.webp.pagespeed.ic.335ualXY1v.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/04/xnge_194-300x300.jpg.pagespeed.ic.fKgvYUQPeB.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/02/xaot_085-300x300.jpg.pagespeed.ic.Kxu7QOtFcp.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/02/xlogo-ohayo.png.pagespeed.ic.7QuIWVYmW3.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/xSite-logo.webp.pagespeed.ic.335ualXY1v.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/04/xnge_194-300x300.jpg.pagespeed.ic.fKgvYUQPeB.webp
2022/12/02 11:25:13 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112513:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/02/xaot_085-300x300.jpg.pagespeed.ic.Kxu7QOtFcp.webp
2022/12/02 11:25:14 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112514:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/berserk_manga2.png.pagespeed.ce.-dIcO4TxJW.png
2022/12/02 11:25:14 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112514:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/aot_manga.png.pagespeed.ce.Bb-IKWZ0U7.png
2022/12/02 11:25:14 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112514:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/tpn_manga.png.pagespeed.ce.6MsDBu2WZ3.png
2022/12/02 11:25:14 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112514:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/assasin_manga.png.pagespeed.ce.rzexGBx_kf.png
2022/12/02 11:25:14 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112514:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/f_logo_RGB-Blue_58.png.pagespeed.ce.Tt6-UOAyLZ.png
2022/12/02 11:25:14 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112514:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/Instagram_Glyph_Gradient_RGB.png.pagespeed.ce.r6yESK7HBL.png
2022/12/02 11:25:14 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112514:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/2021-Twitter-logo-blue.png.pagespeed.ce.dXHqExedBt.png
2022/12/02 11:25:14 [warn] 210590#210638: [ngx_pagespeed 1.15.0.0-8917] [1202/112514:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/08/xgim_001-300x300.jpg.pagespeed.ic.0L-n56JpPJ.webp
Lofesa commented 1 year ago

A question... How the resources are wruten in the html code? some like src=//mydomain/myimge or src=https://mydomain/myimage ?

Also why this?: (Note 1 image have http and others have https)

Critical Images: data:image/svg+xml;base64,PHN223== data:image/svg+xml;base64,PHN2Zy== data:image/svg+xml;base64,PHN2Pg== http://mydomain.com/wp-content/uploads/slider/cache/f3c95aed3bef34293901d9e8fe70a1/baner_new-1.webp https://mydomain.com/wp-content/uploads/2021/02/000-300x300.jpg

bigretromike commented 1 year ago

A question... How the resources are wruten in the html code? some like src=//mydomain/myimge or src=https://mydomain/myimage ?

Also why this?: (Note 1 image have http and others have https)

Critical Images: data:image/svg+xml;base64,PHN223== data:image/svg+xml;base64,PHN2Zy== data:image/svg+xml;base64,PHN2Pg== http://mydomain.com/wp-content/uploads/slider/cache/f3c95aed3bef34293901d9e8fe70a1/baner_new-1.webp https://mydomain.com/wp-content/uploads/2021/02/000-300x300.jpg

I know ! And have no clue why pagespeed does that ! Every link contains schema https://mydomain.com/.....

Also now its also included:

<!--Summary computation status for CriticalCssBeacon
Resource 0 http://mydomain.com/:46: Computed OK
Resource 1 https://mydomain.com/wp-content/plugins/woocommerce-points-and-rewards/build/style-index.css?ver=1.7.18: Computed OK
Resource 2 https://mydomain.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1: Computed OK
Resource 3 https://mydomain.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5: Computed OK
Resource 4 https://mydomain.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5: Computed OK
Resource 5 http://mydomain.com/:64: Computed OK
Resource 6 https://mydomain.com/wp-includes/css/classic-themes.min.css?ver=1: Computed OK
Resource 7 http://mydomain.com/:69: Computed OK
Resource 8 https://mydomain.com/wp-content/plugins/pay-by-paynow-pl/assets/css/front.css?ver=2.4.10: Computed OK
Resource 9 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/frontend-style.css?ver=2.0.2: Computed OK
Resource 10 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/genericons.css?ver=6.1.1: Computed OK
Resource 11 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/font-awesome/font-awesome.min.css?ver=6.1.1: Computed OK
Resource 12 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/rtl_styles.css?ver=6.1.1: Fetch failed or resource not publicly cacheable
Resource 13 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/linear-icon-font.min.css?ver=6.1.1: Computed OK
Resource 14 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/jquery.mCustomScrollbar.css?ver=2.0.2: Resource removed by another filter
Resource 15 http://mydomain.com/:82: Computed OK
Resource 16 https://mydomain.com/wp-content/plugins/woocommerce-brands/assets/css/style.css?ver=1.6.38: Computed OK
Resource 17 https://mydomain.com/wp-content/plugins/yith-infinite-scrolling/assets/css/frontend.css?ver=1.8.0: Computed OK
Resource 18 https://mydomain.com/wp-content/themes/shoptimizer/style.css?ver=2.6.2: Computed OK
Resource 19 https://mydomain.com/wp-content/themes/shoptimizer-child-theme/style.css?ver=1.2.1: Computed OK
Resource 20 https://mydomain.com/wp-content/themes/shoptimizer/assets/css/main/main.min.css?ver=2.6.2: Computed OK
Resource 21 https://mydomain.com/wp-content/themes/shoptimizer/assets/css/main/modal.min.css?ver=2.6.2: Computed OK
Resource 22 https://mydomain.com/wp-content/themes/shoptimizer/assets/css/main/blocks.min.css?ver=2.6.2: Resource removed by another filter
Resource 23 https://mydomain.com/wp-content/plugins/newsletter/style.css?ver=7.5.6: Computed OK
Resource 24 https://mydomain.com/wp-content/plugins/woocommerce-product-bundles/assets/css/frontend/checkout-blocks.css?ver=6.16.1: Computed OK
Resource 25 https://mydomain.com/wp-content/plugins/woocommerce-waitlist/includes/css/src/wcwl_frontend.min.css?ver=2.3.0: Computed OK
Resource 26 https://mydomain.com/wp-content/themes/shoptimizer/assets/css/main/woocommerce.min.css?ver=2.6.2: Computed OK
Resource 27 https://mydomain.com/wp-content/plugins/woocommerce-product-bundles/assets/css/frontend/woocommerce.css?ver=6.16.1: Computed OK
Resource 28 https://mydomain.com/wp-content/plugins/smart-slider-3/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider.min.css?ver=23139749: Cannot create resource: either its domain is unauthorized and InlineUnauthorizedResources is not enabled, or it cannot be fetched (check the server logs)
Resource 29 http://mydomain.com/:107: Computed OK
Resource 30 http://mydomain.com/:125: Computed OK
Resource 31 http://mydomain.com/:178: Computed OK
Resource 32 http://mydomain.com/:319: Computed OK
-->

As you see it reads main domain/page as http:// even when there is no explicid configuration for http version (there is currently only one page configured on this server which is mydomain.com on port 443 with ssl enabled)

eilandert commented 1 year ago

location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; set $no_cache 1; }

Can you try: location ~ ^.pagespeed/ { add_header "" ""; set $no_cache 1; }

For my wordpress instances I use the plugin "SSL Insecure Content Fixer", it rewrites all output links to https. The problem might be somewhere in your mysql database but installing this plugin should fix this easier.

bigretromike commented 1 year ago

A question... How the resources are wruten in the html code? some like src=//mydomain/myimge or src=https://mydomain/myimage ?

Also why this?: (Note 1 image have http and others have https)

Critical Images: data:image/svg+xml;base64,PHN223== data:image/svg+xml;base64,PHN2Zy== data:image/svg+xml;base64,PHN2Pg== http://mydomain.com/wp-content/uploads/slider/cache/f3c95aed3bef34293901d9e8fe70a1/baner_new-1.webp https://mydomain.com/wp-content/uploads/2021/02/000-300x300.jpg

I found that images added to slider are added like this <img src="//mydomain.com/wp-content/uploads/2022/06/baner_new-1.webp" alt="" title="" loading="lazy" class="skip-lazy" data-skip-lazy="1">

bigretromike commented 1 year ago

@eilandert

location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; set $no_cache 1; }

Can you try: location ~ ^.pagespeed/ { add_header "" ""; set $no_cache 1; }

For my wordpress instances I use the plugin "SSL Insecure Content Fixer", it rewrites all output links to https. The problem might be somewhere in your mysql database but installing this plugin should fix this easier.

Should I remove old one? because I added yours next to old one, and no difference.

@Lofesa I replace scr to image to absolut path with https still I see that main page is fetched via http :/

bigretromike commented 1 year ago

location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; set $no_cache 1; }

Can you try: location ~ ^.pagespeed/ { add_header "" ""; set $no_cache 1; }

For my wordpress instances I use the plugin "SSL Insecure Content Fixer", it rewrites all output links to https. The problem might be somewhere in your mysql database but installing this plugin should fix this easier.

I installed SSL Insecure Content Fixer but that does nothing for me - the page is SSL compatible with Green shield on all browsers.

bigretromike commented 1 year ago

PageSpeed console still show:

http://mydomain.com/:1196: Resized image `https://mydomain.com/wp-content/uploads/2021/04/dgr_001-300x300.jpg' from 300x300 to 237x237
[Fri, 02 Dec 2022 12:52:39 GMT] [Info] [214422] [http://mydomain.com/seria/healin-good-pretty-cure/page/2/:89] Unrecognized script:'<script type="text/template" id="tmpl-variation-template"></script> 89...93'
[Fri, 02 Dec 2022 12:53:35 GMT] [Warning] [214424] [underscore.min.js,qver=1.13.4:0] Resource based on http://mydomain.com/wp-includes/js/underscore.min.js?ver=1.13.4 but cannot access the original
[Fri, 02 Dec 2022 12:53:36 GMT] [Warning] [214424] [A.classic-themes.min.css,qver=1:0] Resource based on http://mydomain.com/wp-includes/css/classic-themes.min.css?ver=1 but cannot access the original

nginx log:

2022/12/02 12:55:12 [warn] 214423#214480: [ngx_pagespeed 1.15.0.0-8917] [1202/125512:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-includes/js/jquery/jquery-migrate.min.js,qver=3.3.2.pagespeed.jm.Ws-UgblvVg.js
2022/12/02 12:55:12 [warn] 214423#214477: [ngx_pagespeed 1.15.0.0-8917] [1202/125512:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-includes/js/underscore.min.js,qver=1.13.4.pagespeed.jm.-wWaxZbynX.js
2022/12/02 12:55:12 [warn] 214423#214480: [ngx_pagespeed 1.15.0.0-8917] [1202/125512:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-includes/css/dist/block-library/A.style.min.css,qver=6.1.1.pagespeed.cf.s5bSa4kM1r.css
2022/12/02 12:55:12 [warn] 214423#214480: [ngx_pagespeed 1.15.0.0-8917] [1202/125512:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-includes/css/A.classic-themes.min.css,qver=1.pagespeed.cf.wMG3qLFv9v.css

And I don't think that http is hardcoded in logs

And this results in unable to load those JS files and console throw 404: https://mydomain.com/wp-includes/js/jquery/jquery-migrate.min.js,qver=3.3.2.pagespeed.jm.Ws-UgblvVg.js https://mydomain.com/wp-includes/js/underscore.min.js,qver=1.13.4.pagespeed.jm.-wWaxZbynX.js https://mydomain.com/wp-includes/css/dist/block-library/A.style.min.css,qver=6.1.1.pagespeed.cf.s5bSa4kM1r.css https://mydomain.com/wp-includes/css/A.classic-themes.min.css,qver=1.pagespeed.cf.wMG3qLFv9v.css

Edit: Disabling pagespeed reveals the way those files are added to code: <script type='text/javascript' src='https://mydomain.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2' id='jquery-migrate-js'></script> <script type='text/javascript' src='https://mydomain.com/wp-includes/js/underscore.min.js?ver=1.13.4' id='underscore-js'></script> <link rel='stylesheet' id='classic-theme-styles-css' href='https://mydomain.com/wp-includes/css/classic-themes.min.css?ver=1' type='text/css' media='all' />

bigretromike commented 1 year ago

disabling pagespeed LoadFromFile "https://mydomain.com/wp-content" "/var/www/web/wp-content"; results in nginx log with: Fetch failed for resource url http://mydomain.com/wp-content/uploads/............. and not images on page

Currently I have no idea why pagespeed trying so hard to optimize http content when page is https

Lofesa commented 1 year ago

What do you see in the logs files about this with debug enabled? https://mydomain.com/wp-content/plugins/smart-slider-3/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider.min.css?ver=23139749

in the <!--Summary computation status for CriticalCssBeacon the message says:

Cannot create resource: either its domain is unauthorized and InlineUnauthorizedResources is not enabled, or it cannot be fetched (check the server logs)

In other hand, have you tried some like this add_header Content-Security-Policy upgrade-insecure-requests; ?

bigretromike commented 1 year ago

What do you see in the logs files about this with debug enabled? https://mydomain.com/wp-content/plugins/smart-slider-3/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider.min.css?ver=23139749

in the <!--Summary computation status for CriticalCssBeacon the message says:

Cannot create resource: either its domain is unauthorized and InlineUnauthorizedResources is not enabled, or it cannot be fetched (check the server logs)

In other hand, have you tried some like this add_header Content-Security-Policy upgrade-insecure-requests; ?

smartslider is excluded from pagespeed because of the compatibility issues, I have done it via:

        # disable minify etc...
        pagespeed Allow "*";
        pagespeed Disallow "*.svg*";
        pagespeed Disallow "*.php*";
        pagespeed Allow "*.js*";
        pagespeed Allow "*.js?ver=*";
        pagespeed Allow "*.css*";
        pagespeed Allow "*.css?ver=*";
        pagespeed Allow "/wp-content/plugins/*";
        pagespeed Disallow "https://mydomain.com/*.pagespeed.*.js";
        pagespeed Disallow "*/js/jquery/jquery.js*";
        pagespeed Disallow "*/js/jquery/jquery.min.js*";
        pagespeed Disallow "*/wp-content/plugins/smart-slider-3/*";
        pagespeed Disallow "*/seal.js*";
        pagespeed Disallow "*/kirki/modules/webfont-loader/vendor-typekit/webfontloader.js*";
        pagespeed Disallow "*/wp-includes/js/dist/*";
        pagespeed Disallow "*/wp-includes/js/tinymce/*";
        # disable minify css
        pagespeed Disallow "*/wp-content/cache/*";
        pagespeed Disallow "*/wp-content/uploads/*";
        pagespeed Allow "*/wp-content/uploads/2021/*";
        pagespeed Allow "*/wp-content/uploads/2022/*";
        pagespeed Allow "*/wp-content/uploads/2023/*";
        pagespeed Disallow "*/admin-bar.min.css*";
        pagespeed Disallow "*/dashicons.min.css*";
        pagespeed Disallow "/wp-admin*";
        pagespeed Disallow "/wp-login.php*";
        pagespeed Disallow "/admin/*";
eilandert commented 1 year ago

One thing that comes to mind, I had the same problem once. I assume you are using php-fpm with fastcgi.

I remember vaguely that I had to explicitly force https, in the nginx vhost, fastcgi_param HTTPS on

Lofesa commented 1 year ago

smartslider is excluded from pagespeed because of the compatibility issues, I have done it via:

   # disable minify etc...
  pagespeed Allow "*";

A bunch of things here.

    pagespeed Disallow "*.svg*";
    pagespeed Disallow "*.php*";

Not needed, because pahespeed mudules does nothing with these files.

    pagespeed Allow "*.js*";
    pagespeed Allow "*.js?ver=*";
    pagespeed Allow "*.css*";
    pagespeed Allow "*.css?ver=*";

Those with "ver=" are not needed because they are covered with ".js"; and ".css"; And the ? character must be scaped if used, in the regex , iy matches 1 character.

Deom the docs:

"Note: Wildcards include which matches any 0 or more characters, and ?, which matches exactly one character. Unlike Unix shells, the / directory separator is not special, and can be matched by either or ?. The resources are always expanded into their absolute form before expanding.

Note: The wildcard will be matched against the full URL including any query parameters. For example, if you want to match URL http://example.com/index.jsp?test=xyz you could use"

And take care with the order of these directives, order matter

"The later directives take priority over the earlier ones"

bigretromike commented 1 year ago

One thing that comes to mind, I had the same problem once. I assume you are using php-fpm with fastcgi.

I remember vaguely that I had to explicitly force https, in the nginx vhost, fastcgi_param HTTPS on

replacing fastcgi_parm HTTPS $https if_not_empty; with fastcgi_param HTTPS on; give no difference

bigretromike commented 1 year ago

I'm trying to make it not work with minimal setup;

http {
pagespeed on;
pagespeed PreserveUrlRelativity on;
pagespeed Statistics on;
pagespeed StatisticsLogging on;
pagespeed StatisticsLoggingIntervalMs 60000;
pagespeed StatisticsLoggingMaxFileSizeKb 1024;
pagespeed LogDir /var/log/pagespeed;
pagespeed AdminPath /pagespeed_admin;
pagespeed StatisticsPath /nxg_nekomata;
pagespeed FileCacheSizeKb            102400;
pagespeed FileCacheCleanIntervalMs   3600000;
pagespeed FileCacheInodeLimit        500000;
pagespeed LRUCacheKbPerProcess     10240;
pagespeed LRUCacheByteLimit        16384;
pagespeed MemcachedThreads 1;
pagespeed MemcachedServers "127.0.0.1:11211";
pagespeed MemcachedTimeoutUs 1000000; 
pagespeed RewriteLevel CoreFilters;
pagespeed UsePerVhostStatistics on;
pagespeed EnableFilters debug; 
pagespeed MessageBufferSize 100000;
pagespeed RewriteLevel OptimizeForBandwidth;
pagespeed HttpCacheCompressionLevel 9; 
pagespeed InPlaceResourceOptimization off;  
pagespeed CacheFragment web-cache-fragment;
pagespeed LogDir "/var/log/pagespeed";
pagespeed CreateSharedMemoryMetadataCache "/var/www/web/mod_pagespeed/" 1024000;
pagespeed NumRewriteThreads 6;
pagespeed ImageMaxRewritesAtOnce 3;
pagespeed EnableCachePurge on;
pagespeed ListOutstandingUrlsOnError on;
pagespeed Domain https://mydomain.com;
server {
pagespeed FileCachePath /run/nginx-pagespeed-web;
pagespeed FetchHttps enable,allow_unknown_certificate_authority,allow_self_signed,allow_certificate_not_yet_valid;
pagespeed SslCertDirectory /etc/pki/tls/certs;
pagespeed SslCertFile /etc/pki/tls/cert.pem;
pagespeed FetcherTimeoutMs 10000;
pagespeed AddResourceHeader "x-content-type-options" "nosniff";
pagespeed Allow "*";
pagespeed Disallow "*/wp-includes/js/wp-util.js*";
pagespeed Disallow "https://mydomain.com/*.pagespeed.*.js";
pagespeed Disallow "*/js/jquery/jquery.js*";
pagespeed Disallow "*/js/jquery/jquery.min.js*";
pagespeed Disallow "*/wp-content/plugins/smart-slider-3/*";
pagespeed Disallow "*/seal.js";
pagespeed Disallow "*/kirki/modules/webfont-loader/vendor-typekit/webfontloader.js";
pagespeed Disallow "*/wp-includes/js/dist/*";
pagespeed Disallow "*/wp-includes/js/tinymce/*";
pagespeed Disallow "*/wp-content/plugins/wc-poczta/*";
pagespeed Disallow "*/wp-content/cache/*";
pagespeed Disallow "*/wp-content/uploads/*";
pagespeed Allow "*/wp-content/uploads/2021/*";
pagespeed Allow "*/wp-content/uploads/2022/*";
pagespeed Allow "*/wp-content/uploads/2023/*";
pagespeed Disallow "*/admin-bar.min.css";
pagespeed Disallow "*/dashicons.min.css";
pagespeed Disallow "/wp-admin/*";
pagespeed InPlaceResourceOptimization off;

pagespeed StatisticsPath /ngx_pagespeed_statistics;
pagespeed MessagesPath /ngx_pagespeed_message;
pagespeed ConsolePath /pagespeed_console;
pagespeed AdminPath /pagespeed_admin;
pagespeed EnableFilters rewrite_javascript;             # minify js

Console say: I[Fri, 02 Dec 2022 21:31:45 GMT] [Info] [231995] HTTPCache key=http://mydomain.com/wp-content/uploads/2022/06/aot_manga.png fragment=web-cache-fragment: remembering recent failure for 119 seconds. W[Fri, 02 Dec 2022 21:31:45 GMT] [Warning] [231995] [xaot_manga.png:0] Resource based on http://mydomain.com/wp-content/uploads/2022/06/aot_manga.png but cannot access the original http://mydomain.com/produkt/op_080/:1131 srcset entry for 32w: Shrinking imagehttps://mydomain.com/wp-content/uploads/2021/03/op_079-32x32.jpg' (5709 bytes) to https://mydomain.com/wp-content/uploads/2021/03/xop_079-32x32.jpg.pagespeed.ic.tmbiBT965m.webp' (612 bytes) Log say: [ngx_pagespeed 1.15.0.0-8917] [1202/213145:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2022/06/xaot_manga.png.pagespeed.ic.2j0w7-EoG1.png [ngx_pagespeed 1.15.0.0-8917] [1202/214113:WARNING:resource_fetch.cc(197)] Fetch failed for resource url http://mydomain.com/wp-content/uploads/2021/03/xop_079-32x32.jpg.pagespeed.ic.tmbiBT965m.webp [ngx_pagespeed 1.15.0.0-8917] xop_079-32x32.jpg:0:Resource based on http://mydomain.com/wp-content/uploads/2021/03/op_079-32x32.jpg but cannot access the original

Also I added rewrite_log on; and i'm trying to debug path that is picked from all my location, but i'm not sure why its not finished:

2022/12/02 21:32:45 [info] 231995#232019: [ngx_pagespeed 1.15.0.0-8917] http://mydomain.com/produkt/op_080/:1131 srcset entry for 32w: Shrinking image `https://mydomain.com/wp-content/uploads/2021/03/op_079-32x32.jpg' (5709 bytes) to `https://mydomain.com/wp-content/uploads/2021/03/xop_079-32x32.jpg.pagespeed.ic.tmbiBT965m.webp' (612 bytes)
2022/12/02 21:41:13 [notice] 231997#231997: *340 "^https://(mydomain\.com|cdn\.mydomain\.com)$" does not match "", client: my.external.ip.address, server: mydomain.com, request: "GET /wp-content/uploads/2021/03/xop_079-32x32.jpg.pagespeed.ic.tmbiBT965m.webp HTTP/2.0", host: "mydomain.com"
2022/12/02 21:41:13 [notice] 231997#231997: *340 "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)" does not match "/wp-content/uploads/2021/03/xop_079-32x32.jpg.pagespeed.ic.tmbiBT965m.webp", client: my.external.ip.address, server: mydomain.com, request: "GET /wp-content/uploads/2021/03/xop_079-32x32.jpg.pagespeed.ic.tmbiBT965m.webp HTTP/2.0", host: "mydomain.com"
2022/12/02 21:41:13 [notice] 231997#231997: *340 "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in" does not match "sockem_cookie=bb14dd16df; _fbp=fb.1.1669971809475.1168039176; _ga=GA1.1.1601885816.1669971810; _pk_id.11.9c06=eaf1d036c25c6bfd.1669971810.; _pin_unauth=dWlkPU16VTVOR1ZtTmpJdFpHTmtNQzAwTURObExXSXhPVEl0WkdZMk1XSTFZbVZqWVdJMw; _pk_ses.11.9c06=1; _derived_epik=empty; _ga_5EEYGXVFRX=GS1.1.1670011856.5.1.1670016505.0.0.0; _ga_FW712V8LBG=GS1.1.1670011856.5.1.1670016505.0.0.0", client: my.external.ip.address, server: mydomain.com, request: "GET /wp-content/uploads/2021/03/xop_079-32x32.jpg.pagespeed.ic.tmbiBT965m.webp HTTP/2.0", host: "mydomain.com"
2022/12/02 21:41:13 [notice] 231997#231997: *340 "/checkout/|/zamowienie/|/my-account/|/moje-konto/|/cart/|/koszyk/|/newsletter/" does not match "/wp-content/uploads/2021/03/xop_079-32x32.jpg.pagespeed.ic.tmbiBT965m.webp", client: my.external.ip.address, server: mydomain.com, request: "GET /wp-content/uploads/2021/03/xop_079-32x32.jpg.pagespeed.ic.tmbiBT965m.webp HTTP/2.0", host: "mydomain.com"
2022/12/02 21:41:13 [warn] 231997#232039: [ngx_pagespeed 1.15.0.0-8917] xop_079-32x32.jpg:0:Resource based on http://mydomain.com/wp-content/uploads/2021/03/op_079-32x32.jpg but cannot access the original
bigretromike commented 1 year ago

Currently I have the biggest luck while adding pagespeed LoadFromFileMatch "^https?://mydomain.com/([^/]*)" "/var/www/web/\\1"; While pagespeed fetch content thru http FileMatch handles that ? And I can access shrinked images likeimages1-300x300.webp.pagespeed.ic.0AWUmE4KLo.webp`

I still have no clue why pagespeed inssist to use http I double checked if something is wrong or not with port 80, but it looks like its all disabled: curl -sS -D- -o /dev/null "http://mydomain.com/wp-content/uploads/2021/08/ximage-1-150x146.webp.pagespeed.ic.DWGeCUiHFr.webp" curl: (7) Failed to connect to mydomain.com port 80: Connection refused

Lofesa commented 1 year ago

In the last config you posted:

pagespeed RewriteLevel CoreFilters; pagespeed RewriteLevel OptimizeForBandwidth;

Both at the same time, don¡t know what is the result.

In the config directives you have

pagespeed CacheFragment web-cache-fragment;

But in the error logs there is

HTTPCache key=http://mydomain.com/wp-content/uploads/2022/06/aot_manga.png fragment=EDITED-cache-fragment: remembering recent failure for 119 seconds. W

Seems to be from another server config.

bigretromike commented 1 year ago

In the last config you posted:

pagespeed RewriteLevel CoreFilters; pagespeed RewriteLevel OptimizeForBandwidth;

Both at the same time, don¡t know what is the result.

In the config directives you have

pagespeed CacheFragment web-cache-fragment;

But in the error logs there is

HTTPCache key=http://mydomain.com/wp-content/uploads/2022/06/aot_manga.png fragment=web-cache-fragment: remembering recent failure for 119 seconds. W

Seems to be from another server config.

Nah they are the same, I just redacted that name out for my reasones sorry.

pagespeed RewriteLevel CoreFilters;
pagespeed RewriteLevel OptimizeForBandwidth;

Yes I can change that, let me read about it

bigretromike commented 1 year ago

In the last config you posted:

pagespeed RewriteLevel CoreFilters; pagespeed RewriteLevel OptimizeForBandwidth;

I comment out CoreFilters both could work without issue as one enable more than second one.

Still the issue even with almost everything comment out is that its fetching or thinking that it fetch http://mydomain.com, when in realyty its https://mydomain.com because http version is not available (there is not even 301 on new server)

The only thing that I have on mind is that pagespeed does work in that way (but I would assume you guys or another user would just say That is the way pagespeed works and that would end the topic, but then I don't think its the case, so only one thing (other than wordpress files and database) taken from old server that act the same way is nginx-site-configuration, maybe someone more knowledgeable than me can spot the cupric - (I omitted include as those are posted higher):

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /var/www/fullchain6.pem;
        ssl_certificate_key /var/www/privkey6.pem;
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        add_header Strict-Transport-Security "max-age=15768000" always;

        server_name mydomain.com www.mydomain.com;
        root /var/www/mydomain.com/web;
        index index.php index.html index.htm;

        if ($host = www.mydomain.com) {
                return 301 https://mydomain.com$request_uri;
        }

        set $no_cache 0;

        include snippets/20-pagespeed_server.conf;

        gzip on;

        autoindex off;
        access_log /var/www/mydomain.com/logs/access.log compression2 buffer=32k flush=5m;
        error_log /var/www/mydomain.com/logs/error.log; # debug;

        keepalive_timeout 10;
        keepalive_disable msie6;
        keepalive_requests 200;

        set $cors_origin "";
        set $cors_cred   "";
        set $cors_header "";
        set $cors_method "";

        # used to play with cdn, not anymore
        if ($http_origin ~ '^https://(mydomain\.com|cdn\.mydomain\.com)$') {
                set $cors_origin $http_origin;
                set $cors_cred   true;
                set $cors_header $http_access_control_request_headers;
                set $cors_method $http_access_control_request_method;
         }

        add_header Access-Control-Allow-Origin      $cors_origin;
        add_header Access-Control-Allow-Credentials $cors_cred;
        add_header Access-Control-Allow-Headers     $cors_header;
        add_header Access-Control-Allow-Methods     $cors_method;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options nosniff;
        add_header Referrer-Policy "no-referrer-when-downgrade";

        location /ngx_pagespeed_statistics { allow 127.0.0.1; allow my.ip.address.here; deny all; }
        location /ngx_pagespeed_global_statistics { allow 127.0.0.1; allow my.ip.address.here; deny all; }
        location /ngx_pagespeed_message { allow 127.0.0.1; allow my.ip.address.here; deny all; }
        location /pagespeed_console { allow 127.0.0.1; allow my.ip.address.here; deny all; }
        location ~ ^/pagespeed_admin { allow 127.0.0.1; allow my.ip.address.here; deny all; }
        location ~ ^/pagespeed_global_admin { allow 127.0.0.1; allow my.ip.address.here; deny all; }

        location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
            set $no_cache 1;
            add_header "" "";
        }

        location ~ "^/pagespeed_static/" { }
        location ~ "^/ngx_pagespeed_beacon$" { }

        location = /nekomata {
                allow 127.0.0.1;
                allow my.ip.address.here;
                allow my.second.address.here;
                deny all;
                stub_status;
        }

        location ~ ^/(status001|ping|nxg_nekomata)$ {
                access_log /var/www/mydomain.com/logs/access-status.log;
                allow 127.0.0.1;
                allow my.ip.address.here;
                allow my.second.address.here;
                deny all;
                include snippets/fastcgi-mydomain.conf;
        }

        location ~* /xmlrpc.php$ {
                allow 127.0.1.1;
                allow 127.0.0.1;
                allow ::1;
                allow my.second.address.here;
                deny all;
                include snippets/fastcgi-mydomain.conf;
        }

        location ~* /(?:uploads|files|wp-content|wp-includes|akismet)/.*.php$ {
                deny all;      
        }

        location ~ /\.(svn|git)/* { deny all;   }
        location ~ /\. {deny all;  }
        location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
                rewrite ^.*/sitemaps\.xml$ /index.php?seopress_sitemap=1 last;
                rewrite ^.*/news.xml$ /index.php?seopress_news=$1 last;
                rewrite ^.*/video.xml$ /index.php?seopress_video=$1 last;
                rewrite ^.*/author.xml$ /index.php?seopress_author=$1 last;
                rewrite ^.*/sitemaps_xsl\.xsl$ /index.php?seopress_sitemap_xsl=1 last;
                rewrite ^.*/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?seopress_cpt=$1&seopress_paged=$2 last;
        }

        location /wp-json/ {
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ {deny all;}
        location ~* ^/(wp-content)/(.*?)\.(zip|tar|bzip2|7z)\$ {deny all;}
        location ~* .(pl|cgi|py|sh|lua|asp)$ {return 444;}
        location ~* /(wp-config.php|readme.html|readme.txt|license.txt|nginx.conf) {deny all;}
        location ~* ^/wp-content/plugins/.+\.(txt|log|md)$ {deny all; error_page 403 =404 / ;}
        location ~* ^/wp-content/themes/.+\.(txt|log|md)$ {deny all; error_page 403 =404 / ;}
        location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {deny all;return 404; }

        if ($request_method = POST) {set $no_cache 1;}
        if ($query_string != "") {set $no_cache 1;}

        if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {set $no_cache 1;}
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {set $no_cache 1;}
        if ($request_uri ~* "/checkout/|/zamowienie/|/my-account/|/moje-konto/|/cart/|/koszyk/|/newsletter/") {set $no_cache 1;}
        location / {
                gzip on;                
                try_files $uri $uri/ /index.php?$is_args$args;
        }

        location = /favicon.ico {   expires max; }
        location = /robots.txt  {   }

        location ~ [^/]\.php(/|$) {
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                if (!-f $document_root$fastcgi_script_name) {return 404;}
                gzip on;
                # fastcgi_cache
                add_header X-Cache-Status $upstream_cache_status;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include snippets/fastcgi-php.conf;
                fastcgi_cache mydomain;
                fastcgi_cache_valid 200 302 10h;
                fastcgi_cache_valid 404 5m;
                fastcgi_cache_bypass $no_cache;
                fastcgi_no_cache $no_cache;
                fastcgi_cache_lock on;
                fastcgi_cache_lock_age 5s;              
                fastcgi_cache_lock_timeout 5s;          
                fastcgi_read_timeout 600s;
                fastcgi_pass unix:/var/run/php-fpm/mydomain.com.sock;
        }

        location ~ /purge(/.*) {
                allow 127.0.0.1;
                deny all;
                fastcgi_cache_purge mydomain "$scheme$request_method$host$1";
        }

        location ~* .(webp|avif|webm|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                sendfile           on;
                sendfile_max_chunk 1m;
                tcp_nopush on;
                expires max;
                add_header Cache-Control public;
                open_file_cache max=1000 inactive=10h;
                open_file_cache_valid 60s;
                open_file_cache_min_uses 2;
                open_file_cache_errors off;
        }

        client_max_body_size 10M;
}
Lofesa commented 1 year ago

No, is not the way pagespeed work. It must work fechting https resources too. In my experience pagespeed can't fecht https resource mainly by 2 reasons:

1.- pagespeed domain is set wrong. If you don't specify the protocol, by default pagespeed tries the http version only. I usually use pagespeed domain http://.mydomain.com This way I cover the http and the https and all subdomain and the main domain. 2.- certificates are not rigth configured.

But here 2 reasons are, aparently , set in the rigth way.

Maybe the fastcgi cache? I see you bypass the fastcgi cache when the request have any query string. Whats happens when you do http://mydoamin.com/?anyquery=1 ?

bigretromike commented 1 year ago

I'm using this: pagespeed Domain https://mydomain.com; I can change it to http? version but I dont serve http version at all, when you enter http://mydomain.com because there is no other www configured in nxginx and dns point to the server it defaults and redirect to https version.

http*://*.mydomain.com im not serving page with www subdomain nor any other subdomain, will https://mydomain.com fall into that regex ? - Yes, this does not cover my domain <!--The preceding resource was not rewritten because its domain (mydomain.com) is not authorized-->

In my experience pagespeed can't fecht https resource mainly by 2 reasons: As you can see most resource are fetched via https only main page and few images aint,

For images I found out that SmartSlider3 made static cache files for background and put those as src=//mydomain.com/static/background.jpg im unable to force it to be written as https, and from pagespeed docs // notation falls to http fetch - any ideas how to force it ? I found the way: Use protocol-relative URL in framework settings, not its default to wordpress settings which is https those links vanished.

I disabled memcache for pagespeed and fastcgi_cache for page; still issue is there; Also I disabled (removed) memcached caching from wordpress - no luck also;

Results for /?anyquery=1 and as you will see below the main page is http even when its should be https:

<!--Summary computation status for CriticalCssBeacon
Resource 0 http://mydomain.com/?anyquery=1:46: Computed OK
Resource 1 https://mydomain.com/wp-content/plugins/woocommerce-points-and-rewards/build/style-index.css?ver=1.7.18: Computed OK
Resource 2 https://mydomain.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1: Computed OK
Resource 3 https://mydomain.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5: Computed OK
Resource 4 https://mydomain.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5: Computed OK
Resource 5 http://mydomain.com/?anyquery=1:64: Computed OK
Resource 6 https://mydomain.com/wp-includes/css/classic-themes.min.css?ver=1: Computed OK
Resource 7 http://mydomain.com/?anyquery=1:69: Computed OK
Resource 8 https://mydomain.com/wp-content/plugins/pay-by-paynow-pl/assets/css/front.css?ver=2.4.10: Computed OK
Resource 9 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/frontend-style.css?ver=2.0.2: Computed OK
Resource 10 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/genericons.css?ver=6.1.1: Computed OK
Resource 11 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/font-awesome/font-awesome.min.css?ver=6.1.1: Computed OK
Resource 12 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/rtl_styles.css?ver=6.1.1: Fetch failed or resource not publicly cacheable
Resource 13 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/linear-icon-font.min.css?ver=6.1.1: Computed OK
Resource 14 https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/css/jquery.mCustomScrollbar.css?ver=2.0.2: Computed OK
Resource 15 http://mydomain.com/?anyquery=1:82: Computed OK
Resource 16 https://mydomain.com/wp-content/plugins/woocommerce-brands/assets/css/style.css?ver=1.6.38: Computed OK
Resource 17 https://mydomain.com/wp-content/plugins/yith-infinite-scrolling/assets/css/frontend.css?ver=1.8.0: Computed OK
Resource 18 https://mydomain.com/wp-content/themes/shoptimizer/style.css?ver=2.6.2: Fetch failed or resource not publicly cacheable
Resource 19 https://mydomain.com/wp-content/themes/shoptimizer-child-theme/style.css?ver=1.2.1: Fetch failed or resource not publicly cacheable
Resource 20 https://mydomain.com/wp-content/themes/shoptimizer/assets/css/main/main.min.css?ver=2.6.2: Computed OK
Resource 21 https://mydomain.com/wp-content/themes/shoptimizer/assets/css/main/modal.min.css?ver=2.6.2: Computed OK
Resource 22 https://mydomain.com/wp-content/themes/shoptimizer/assets/css/main/blocks.min.css?ver=2.6.2: Computed OK
Resource 23 https://mydomain.com/wp-content/plugins/newsletter/style.css?ver=7.5.6: Computed OK
Resource 24 https://mydomain.com/wp-content/plugins/woocommerce-product-bundles/assets/css/frontend/checkout-blocks.css?ver=6.16.1: Computed OK
Resource 25 https://mydomain.com/wp-content/plugins/woocommerce-waitlist/includes/css/src/wcwl_frontend.min.css?ver=2.3.0: Computed OK
Resource 26 https://mydomain.com/wp-content/themes/shoptimizer/assets/css/main/woocommerce.min.css?ver=2.6.2: Computed OK
Resource 27 https://mydomain.com/wp-content/plugins/woocommerce-product-bundles/assets/css/frontend/woocommerce.css?ver=6.16.1: Computed OK
Resource 28 https://mydomain.com/wp-content/plugins/smart-slider-3/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider.min.css?ver=23139749: Cannot create resource: either its domain is unauthorized and InlineUnauthorizedResources is not enabled, or it cannot be fetched (check the server logs)
Resource 29 http://mydomain.com/?anyquery=1:107: Computed OK
Resource 30 http://mydomain.com/?anyquery=1:125: Computed OK
Resource 31 http://mydomain.com/?anyquery=1:178: Computed OK
Resource 32 http://mydomain.com/?anyquery=1:319: Computed OK
-->

Edit: It looks like it "?fetch?" main page as http (or log it that way) and in message console on admin page there are lines like this: [Sat, 03 Dec 2022 22:52:15 GMT] [Info] [275895] http://mydomain.com/produkt/sg_103/:1095: Shrinking imagehttps://mydomain.com/wp-content/uploads/2021/03/sg_103.jpg' (147139 bytes) to https://mydomain.com/wp-content/uploads/2021/03/xsg_103.jpg.pagespeed.ic.0QsntovnWr.jpg' (26352 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] Resized low quality image (https://mydomain.com/wp-content/uploads/2021/03/sg_103.jpg) from 350x500(5868 bytes) to 320x320(4970 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] http://mydomain.com/produkt/sg_103/:1095 srcset entry for 350w: Shrinking imagehttps://mydomain.com/wp-content/uploads/2021/03/sg_103.jpg' (147139 bytes) to https://mydomain.com/wp-content/uploads/2021/03/xsg_103.jpg.pagespeed.ic.0QsntovnWr.jpg' (26352 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] Resized low quality image (https://mydomain.com/wp-content/uploads/2021/03/sg_103.jpg) from 350x500(5868 bytes) to 320x320(4970 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] http://mydomain.com/produkt/sg_103/:1095 srcset entry for 150w: Shrinking imagehttps://mydomain.com/wp-content/uploads/2021/03/sg_103-150x214.jpg' (8429 bytes) to https://mydomain.com/wp-content/uploads/2021/03/xsg_103-150x214.jpg.pagespeed.ic.bazljVbeHX.jpg' (7253 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] http://mydomain.com/produkt/sg_103/:1095 srcset entry for 210w: Shrinking imagehttps://mydomain.com/wp-content/uploads/2021/03/sg_103-210x300.jpg' (14648 bytes) to https://mydomain.com/wp-content/uploads/2021/03/xsg_103-210x300.jpg.pagespeed.ic.TsJxMULEqQ.jpg' (12240 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] http://mydomain.com/produkt/sg_103/:1095 srcset entry for 100w: Shrinking imagehttps://mydomain.com/wp-content/uploads/2021/03/sg_103-100x143.jpg' (4476 bytes) to https://mydomain.com/wp-content/uploads/2021/03/xsg_103-100x143.jpg.pagespeed.ic.uhceG9-500.jpg' (3837 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] http://mydomain.com/produkt/sg_103/:1131: Shrinking imagehttps://mydomain.com/wp-content/uploads/2021/03/sg_102-300x300.jpg' (19285 bytes) to https://mydomain.com/wp-content/uploads/2021/03/xsg_102-300x300.jpg.pagespeed.ic.bUQYYdLU4h.jpg' (16068 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] http://mydomain.com/produkt/sg_103/:1131 srcset entry for 300w: Shrinking imagehttps://mydomain.com/wp-content/uploads/2021/03/sg_102-300x300.jpg' (19285 bytes) to https://mydomain.com/wp-content/uploads/2021/03/xsg_102-300x300.jpg.pagespeed.ic.bUQYYdLU4h.jpg' (16068 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] http://mydomain.com/produkt/sg_103/:1131 srcset entry for 150w: Shrinking imagehttps://mydomain.com/wp-content/uploads/2021/03/sg_102-150x150.jpg' (6506 bytes) to https://mydomain.com/wp-content/uploads/2021/03/xsg_102-150x150.jpg.pagespeed.ic.QbPEYsYxul.jpg' (5585 bytes) [Sat, 03 Dec 2022 22:52:16 GMT] [Info] [275895] http://mydomain.com/produkt/sg_103/:1131 srcset entry for 32w: https://mydomain.com/wp-content/uploads/2021/03/sg_102-32x32.jpg: Too busy to rewrite image.

Is this normal ? or should there be only https there ?

I wasn't sure if you refer about wrong certificates as for server or fetcher so i checked both:

  1. I generated new certificates from Let's Encrypt with certbot
  2. I checked the configuration for ssl in pagespeed config: Im running RHEL 9 compatible OS (Rocky Linux 9), as for those the ssl configuration should be: 
    pagespeed SslCertDirectory /etc/pki/tls/certs/;
pagespeed SslCertFile /etc/pki/tls/cert.pem;
ls -la /etc/pki/tls/certs/
total 0
drwxr-xr-x. 2 root root  54 Nov  2 07:45 .
drwxr-xr-x. 5 root root 104 Nov  2 07:46 ..
lrwxrwxrwx. 1 root root  49 Sep 20 16:35 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root  55 Sep 20 16:35 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

cat /etc/pki/tls/cert.pem
...
# vTrus ECC Root CA
-----BEGIN CERTIFICATE-----
MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMw
RzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAY
BgNVBAMTEXZUcnVzIEVDQyBSb290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDcz
MTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28u
LEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYwEAYHKoZIzj0CAQYF
K4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+cToL0
v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUd
e4BdS49nTPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYD
VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIw
V53dVvHH4+m4SVBrm2nDb+zDfSXkV5UTQJtS0zvzQBm8JsctBp61ezaf9SXUY2sA
AjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQLYgmRWAD5Tfs0aNoJrSEG
GJTO
-----END CERTIFICATE-----

# vTrus Root CA
-----BEGIN CERTIFICATE-----
MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQEL
BQAwQzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4x
FjAUBgNVBAMTDXZUcnVzIFJvb3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMx
MDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoGA1UEChMTaVRydXNDaGluYSBDby4s
THRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZotsSKYc
IrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykU
AyyNJJrIZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+
GrPSbcKvdmaVayqwlHeFXgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z9
8Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KAYPxMvDVTAWqXcoKv8R1w6Jz1717CbMdH
flqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70kLJrxLT5ZOrpGgrIDajt
J8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2AXPKBlim
0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZN
pGvu/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQ
UqqzApVg+QxMaPnu1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHW
OXSuTEGC2/KmSNGzm/MzqvOmwMVO9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMB
AAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYgscasGrz2iTAPBgNVHRMBAf8E
BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAKbqSSaet
8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd
nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1j
bhd47F18iMjrjld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvM
Kar5CKXiNxTKsbhm7xqC5PD48acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIiv
TDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJnxDHO2zTlJQNgJXtxmOTAGytfdELS
S8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554WgicEFOwE30z9J4nfr
I8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4sEb9
b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNB
UvupLnKWnyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1P
Ti07NEPhmg4NpGaXutIcSkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929ven
sBxXVsFy6K2ir40zSbofitzmdHxghm+Hl3s=
-----END CERTIFICATE-----

So it looks like its ok ?

bigretromike commented 1 year ago

As soon as I disable LoadFromFileMatch all of the converted images that point's too https://mydomain.com/converted_imaga.pagespeed.ic.123456.webp are 404 on me....

Instead of LoadFromFileMatch rewriting domain works to as It did before for me: https://github.com/apache/incubator-pagespeed-ngx/issues/1566

But I still think that there is something wrong with my-setup or ngx_pagespeed;

bigretromike commented 1 year ago

I read about RespectXForwardedProto that if its not set it goes to http resources and mix content, even if im not using any cdn's or loadbalancer because its for those cases. Sadly no difference :(

Found: pagespeed UseNativeFetcher on; resolver 8.8.8.8; Results: Cannot fetch url 'https://mydomain.com/wp-content/plugins/total-gdpr-compliance/assets/js/frontend-script.js?ver=2.0.2': as https is not supported

Found (as page support gzip): pagespeed FetchWithGzip on; Results: Still http://mydomain.com in logs

In doc's I found: Setting the URL fetcher timeout [🔗](https://www.modpagespeed.com/doc/system#url_fetcher_timeout) When PageSpeed attempts to rewrite a resource for the first time, it must fetch it via HTTP. The default timeout for fetches is 5 seconds. A directive can be applied to change the timeout I hope HTTP is a typo and it should be HTTP/HTTPS

Edit: As I listed request in developer tools in browser I saw that beacon is still pointing to http version: https://mydomain.com/ngx_pagespeed_beacon?url=http://mydomain.com/ Also NoScript Filter also put http version and I have to disable it and add it manualy: <noscript><meta HTTP-EQUIV="refresh" content="0;url='http://mydomain.com/?PageSpeed=noscript'" /><style><!--table,div,span,font,p{display:none} --></style><div style="display:block">Please click <a href="http://mydomain.com/?PageSpeed=noscript">here</a> if you are not redirected within a few seconds.</div></noscript>

bigretromike commented 1 year ago

After downgrading pagespeed, trying it on fresh wordpress instalation, the beacon still point's to HTTP version of page when there is non, also the module try to access http://domain:443/ which is illegal. nginx 1.23.2